WooYun is an information security platform where researchers report vulnerabilities and vendors give their feedback.

Backdoor Privacy Attack

The security breach, according to the website, was a result of 'backdoor privacy attack' caused by the installation of a malicious jailbreak tweak.

It appears that hackers are using a variety of "built-in backdoors", which could be any of numerous malicious jailbreak tweaks, in an effort to acquire victims' iCloud account information.

Once installed, these malicious tweaks transferred the iCloud login details of the jailbreak users to an unknown remote server.

So far, it is unclear who is behind the attack or what they intend to do with the stolen iCloud accounts. But the report states that WooYun has notified the appropriate vendors – apparently Apple – about the issue and is awaiting processing.

Below you can see the (slightly) translated version of the report:

For just one jailbreak tweak, 220,000 seems a huge number, though it is believed that a number of malicious jailbreak tweaks have been used by the criminals, many of them posted as free versions of popular paid tweaks.

KeyRaider Malware

Update: In separate research, security researchers at Palo Alto Networks discovered an iPhone malware, which they dubbed "KeyRaider," that stole more than 225,000 credentials from jailbroken devices.

According to security researchers, KeyRaider is capable of:

Stealing Usernames and Passwords from Jailbroken Apple devices

Stealing the device's unique identifier (GUID)

Stealing App Store purchase information

Locking the victim's device and holding it for ransom

The malware was delivered through a third-party repository for Cydia – the app store for jailbroken iPhones.

According to Palo Alto Networks, this is the largest theft of Apple user credentials executed with malware.

Most victims of KeyRaider are in China, the security firm said, but the threat may have impacted victims from 17 other countries including the United Kingdom, United States, France, Canada, South Korea and Germany.

Who is Affected?

The security flaw has nothing to do with Apple's security and affects only iOS users who have jailbroken their devices.

However, with such a large number of compromised iCloud accounts, it appears that such an attack could be the result of a more organized method, such as a pre-installed backdoor.

As pointed out by Reddit user ZippyDan, Chinese market traders often sell iPhones and iOS devices that are pre-jailbroken, and many of these devices may have been passed on with the shady tweaks already installed.

How to Protect Yourself?

It would be unrealistic to tell you not to jailbreak your device, but there are some steps you can take to tighten up your device's security.

Here are some steps that you should implement to help protect yourself:

Last week, Google began paving the way to run Android apps on Chrome OS through a project named "App Runtime for Chrome", but the release came with significant limitations: it supported only certain Android apps, and only on Chrome OS. At launch, only four Android apps – Vine, Evernote, Duolingo and Sight Words – were added to the Chrome Web Store.

That was pretty exciting, but it merely whet the appetite of users hungry for more functionality. So, what if you could run more than just four Android apps on Chrome OS? And what if you could run them on other operating systems as well?

A developer by the name of Vlad Filippov began working on stripping away the limits Google had imposed. He successfully figured out a way to bring more Android apps to Chrome, instead of just the four that are officially supported by Google.

The bigger success was that Filippov got Android apps to work on any desktop operating system that Chrome runs on. This means that you can now run Android apps on Windows, Mac, and Linux as well.

The process uses App Runtime for Chrome (ARC) – a Google project that allows Chrome to run native code safely within a web browser. ARC was officially released only as an extension for Chrome OS, but Native Client extensions are designed to run on multiple platforms.

So Filippov made a custom version of ARC, called ARChon, which supports both desktop Chrome and Chrome OS. There is one potential roadblock: ARChon doesn't run Android app packages (APKs) directly; they first need to be converted into a Chrome extension. That is made possible by "chromeos-apk", another of Filippov's tools, which as a result allows these operating systems to support an unlimited number of Android APKs.

Install Node.js and Filippov's chromeos-apk tool on a Linux system (it will work on a Chromebook running Ubuntu in Crouton, so you don't necessarily need a separate computer).

Download an Android APK and then use the chromeos-apk tool to prepare the app to run on Chrome OS.

Copy the converted app to your Chromebook, type "chrome://extensions" (without quotes) in the URL bar, enable Developer mode, and then use the "Load unpacked extension" option to locate and install the app.

That's all! Not every Android app will work. Some apps that have been confirmed to work include Pandora, Twitter, Soundcloud, and Skype — although you have to do a little extra work to make Skype work. Some other apps such as XBMC, WhatsApp, Firefox, Opera, and Spotify do not work yet. You can keep track of which APKs have been tested in the Chrome-apk subreddit.

BigBoss repository, one of the biggest and most popular repositories for jailbreak tweaks in Cydia, has reportedly been hacked by either an individual or a group of hackers.

Cydia is a software application for iOS that enables a user to find and install software packages on jailbroken iOS devices such as the iPhone, the iPod Touch, and the iPad. Most of the software packages available through Cydia are free, but some require purchase. The BigBoss repository is a default repository on jailbroken iOS devices and has long been one of Cydia's biggest and best, but it may have just been targeted by cybercriminals.

The hackers, who go by the name "Kim Jong-Cracks", managed to gain access to all packages, paid as well as free, and made their own repository available offering all BigBoss repository applications for free.

“The other post more than likely broke rule 1 because it linked the site directly. To anyone that didn't see the post, the BigBoss repo was (supposedly) hacked by either an individual or group of people and they have a repo out there with all of BigBoss's packages (paid and free). Their proof.log shows that they have the original MD5 sums,” reads the Reddit post suggesting the BigBoss repository hack.

The hackers have named their site ripBigBoss, which claims to offer all 13,954 BigBoss packages for free. As proof of the hack, the hackers made the deb index and BigBoss database available for download, which contain a massive log file listing the names of all those packages with their MD5 sums.

The ripBigBoss website created by the hackers cites Saurik's recent "Competition vs Community" post as the motivation behind their activities, but it could also be an attempt to hide their actual identity. Additionally, they are promoting the use of the #WhichSideAreYouOn and #SupportTheCompettition hashtags.

Kim Jong-Cracks claims to have injected those free packages with malware, but Jay Freeman, commonly known as Saurik, the creator of Cydia, believes this to be untrue. Packages hosted by the original BigBoss repository are still considered safe.

Saurik has confirmed to iDownloadblog that the injection of malware into the BigBoss repository is unlikely as the packages in Cydia repositories are verified from the repository package index.

“This article mentions malware being potentially injected into the BigBoss repository; we do not believe this to be the case,” Saurik said in a statement to iDB. “Packages in Cydia repositories are cryptographically verified from the repository package index. I have an index of all historic changes to the package indices for default repositories, and have verified that the content on BigBoss did not change in ways that the repository administrators did not expect.”
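The verification Saurik describes works because a Cydia/APT repository's package index records the size and digests of every .deb, so a client can check a downloaded package against the index before installing it. The following is an added example, not Cydia's or BigBoss's code: it parses the stanza-based "Packages" index format, verifies a package blob against its entry (preferring SHA256 over the MD5 sums the leaked proof.log lists), and flags an index entry that carries only a weak digest. The package names, payload bytes and index contents are constructed for the demonstration; a real repository additionally signs the Release file that authenticates the index itself, which this example does not model.

```python
import hashlib
from typing import Dict, List, Tuple

def parse_packages_index(text: str) -> List[Dict[str, str]]:
    """Parse the RFC 822-style stanzas of an APT/Cydia 'Packages' file.

    Stanzas are separated by blank lines; a line starting with whitespace
    continues the previous field (typically a multi-line Description).
    """
    stanzas: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                stanzas.append(current)
                current = {}
            continue
        if line[0] in " \t":
            if current:
                last_key = list(current)[-1]
                current[last_key] += "\n" + line.strip()
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        stanzas.append(current)
    return stanzas

def verify_package(stanza: Dict[str, str], data: bytes) -> Tuple[bool, str]:
    """Check a downloaded .deb against its index entry.

    Size is checked first, then the strongest digest the index provides.
    MD5/SHA1-only entries still verify but are reported as weak, since
    collisions for those algorithms are practical.
    """
    if "Size" in stanza and int(stanza["Size"]) != len(data):
        return False, "size mismatch"
    for field, algo in (("SHA256", "sha256"), ("SHA1", "sha1"), ("MD5sum", "md5")):
        expected = stanza.get(field)
        if expected:
            actual = hashlib.new(algo, data).hexdigest()
            if actual != expected.lower():
                return False, f"{field} mismatch"
            weak = algo in ("md5", "sha1")
            return True, f"{field} ok" + (" (weak digest only)" if weak else "")
    return False, "no digest in index"

# Constructed package contents standing in for real .deb archives.
SAMPLE_PACKAGES: Dict[str, bytes] = {
    "com.example.goodtweak": b"!<arch>\nconstructed good tweak payload\n",
    "com.example.othertweak": b"!<arch>\nconstructed other tweak payload\n",
}

def build_sample_index(packages: Dict[str, bytes]) -> str:
    """Emit index stanzas for the given packages the way a repo tool would (constructed)."""
    out = []
    for name, data in packages.items():
        out.append("\n".join([
            f"Package: {name}",
            "Version: 1.0",
            f"Filename: debs/{name}_1.0_iphoneos-arm.deb",
            f"Size: {len(data)}",
            f"MD5sum: {hashlib.md5(data).hexdigest()}",
            f"SHA256: {hashlib.sha256(data).hexdigest()}",
            "Description: constructed sample package",
            " second line of the description",
        ]))
    return "\n\n".join(out) + "\n"

def demo() -> Dict[str, Tuple[bool, str]]:
    """Verify an intact package, a tampered one, and an MD5-only legacy entry."""
    index = build_sample_index(SAMPLE_PACKAGES)
    # An older-style stanza carrying only an MD5 sum (constructed).
    legacy = b"!<arch>\nconstructed legacy payload\n"
    index += "\n".join([
        "",
        "Package: com.example.legacy",
        "Version: 0.9",
        f"Size: {len(legacy)}",
        f"MD5sum: {hashlib.md5(legacy).hexdigest()}",
        "",
    ])
    stanzas = {s["Package"]: s for s in parse_packages_index(index)}
    good = SAMPLE_PACKAGES["com.example.goodtweak"]
    # Same-length modification, so only the digest check can catch it.
    tampered = SAMPLE_PACKAGES["com.example.othertweak"].replace(b"other", b"0ther")
    return {
        "good": verify_package(stanzas["com.example.goodtweak"], good),
        "tampered": verify_package(stanzas["com.example.othertweak"], tampered),
        "legacy": verify_package(stanzas["com.example.legacy"], legacy),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The tampered payload keeps the same length as the original, so the size check passes and only the SHA256 comparison exposes the change; the legacy entry shows why an index that lists only MD5 sums, like the leaked proof.log, is evidence of which files a repository served but not a strong integrity guarantee on its own.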

But we recommend that you avoid installing or updating any jailbreak tweak from the BigBoss repository for now. Also, those who have jailbroken their iOS devices are advised not to install or download any tweaks from the ripBigBoss repository, because downloading such pirated tweaks might lead to installing malware on your device.